package cn.bs.busuo.hotel.controller;

import cn.bs.busuo.common.pojo.authentication.CurrentPrincipal;
import com.github.xiaoymin.knife4j.annotations.ApiOperationSupport;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import springfox.documentation.annotations.ApiIgnore;

@RestController
@RequestMapping(value = "/tests", produces = "application/json; charset=utf-8")
@Api(tags = "2. 测试")
public class TestController {

    @GetMapping("/authenticated")
    @ApiOperation("基于Security框架的认证")
    @ApiOperationSupport(order = 300)
    public String authenticated() {
        return "已经通过Spring Security框架的认证！";
    }

    @GetMapping("/principal")
    @ApiOperation("获取当事人信息")
    @ApiOperationSupport(order = 400)
    public String getPrincipal(@ApiIgnore @AuthenticationPrincipal CurrentPrincipal principal) {
        return  "当事人ID：" + principal.getId() + "，当事人用户名：" + principal.getUsername();
    }

    @GetMapping("/preAuthorize")
    @PreAuthorize("hasAuthority('/account/user/system')")
    @ApiOperation("基于Security框架的授权")
    @ApiOperationSupport(order = 500)
    public String preAuthorize() {
        return "已经通过Spring Security框架的授权！";
    }

}
